Double Materiality Assessment for Technology

Technology companies face a concentrated materiality profile around energy use, data ethics, workforce conditions, and hardware supply chains.


Powered by ciferi.com · Free audit calculators & templates


Double materiality assessment for Technology

Technology companies entering the CSRD reporting population face a materiality profile that depends heavily on whether they are software-only or have hardware in the value chain. A pure SaaS provider's environmental footprint centres on data centre energy consumption and the embodied carbon of cloud infrastructure. A hardware manufacturer or electronics retailer inherits the full mining-to-disposal chain with its conflict minerals, hazardous waste, and factory labour conditions. The double materiality assessment under ESRS 1.20-33 must reflect this distinction, not apply a generic "tech sector" template.

E1 Climate change is material for nearly all technology companies. Data centres consumed an estimated 460 TWh of electricity globally in 2024 (per the IEA's Electricity 2024 report), and that figure is climbing with AI workloads. Even companies that outsource to hyperscale cloud providers bear Scope 3 category 1 exposure for purchased cloud services. On financial materiality, energy price volatility and carbon pricing mechanisms (EU ETS for data centres in scope) create direct cost exposure.

E5 Resource use and circular economy applies to companies producing hardware, managing electronic waste, or consuming significant quantities of rare earth minerals. The EU's proposed Ecodesign for Sustainable Products Regulation will impose circular economy obligations on electronics manufacturers.

S1 Own workforce is material across the sector, but the specific sub-topics differ from manufacturing. Technology companies face materiality on working time (crunch culture), diversity and inclusion metrics, and adequate wages for contractor workforces.

S4 Consumers and end-users is where technology diverges most from other sectors. Algorithmic bias, data privacy (GDPR enforcement actions totalled over EUR 2.1 billion in fines between 2018 and 2024), digital addiction in minors, and content moderation failures all fall under S4's impact materiality scope.

G1 Business conduct covers anti-competitive practices, lobbying transparency, and tax practices, all areas of active regulatory scrutiny for large technology firms.

Assurance providers reviewing technology company assessments flag two recurring issues. First, entities exclude E2 Pollution and E3 Water without adequate justification. Data centres in water-stressed locations use significant volumes for cooling (Google reported 5.6 billion gallons of water use in 2022 across its facilities). Dismissing E3 without site-by-site analysis is a gap. Second, entities treat S4 as immaterial because they are not consumer-facing, ignoring that business customers' employees and their data subjects qualify as end-users under ESRS S4. A B2B SaaS company processing personal data for its clients has S4 exposure through those data subjects.

Technology companies should segment their assessment by business line. For each line, map the value chain and identify the relevant ESRS topics. Software businesses focus on E1 (energy), S1 (workforce), S4 (data ethics, privacy), and G1. Hardware businesses add E2 (hazardous substances in manufacturing), E5 (e-waste, conflict minerals), and S2 (factory labour conditions in the supply chain). Use energy consumption data from cloud provider sustainability reports, Scope 3 estimates from spend-based models, and privacy incident logs as quantitative inputs. For S4, document the volume of personal data processed, the number of data subjects affected, and any regulatory actions or complaints received.

Frequently asked questions: Technology

Are SaaS-only companies likely to find fewer ESRS topics material than hardware companies?
Yes. A pure SaaS company typically finds E1, S1, S4, and G1 material, with limited exposure on E2 through E5. A hardware company or one with a physical supply chain will likely add E2, E5, and S2. But SaaS companies must still assess all topics and document why they concluded certain topics are not material, per ESRS 1.28.

How should technology companies assess S4 for data privacy impacts?
Score severity using the criteria in ESRS 1.45-48. Scale is the number of data subjects affected. Scope is the geographic and jurisdictional reach. Irremediable character considers whether a data breach causes harm that cannot be fully remedied (identity theft, for example, has lasting consequences). Financial materiality includes GDPR fine exposure (up to 4% of global turnover), litigation costs, and customer churn following incidents.

Is E4 Biodiversity relevant for technology companies?
Rarely at the entity level, unless the company operates large campuses in ecologically sensitive areas or sources minerals linked to habitat destruction (cobalt mining in the DRC, lithium extraction in South America). Most technology companies will conclude E4 is not material, but the assessment must consider the upstream mining value chain if hardware is involved.

Should AI-focused companies treat algorithmic bias as a materiality topic?
Algorithmic bias falls under S4 Consumers and end-users. If the company's AI products make decisions affecting individuals (credit scoring, hiring tools, content recommendation), the potential for discriminatory outcomes creates impact materiality. Financial materiality arises from regulatory action under the EU AI Act, which entered application in August 2025 for high-risk AI systems. Score it under S4 using the severity criteria.
